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AN IMFUOVICl) fmATKM ANII MKTIIOP IX>K P1ALUP ACCESS POINT VlllJIKUAttll JTV 

ASSESSMENT 

C ROSS-REFERENCE J O KKLATKtt APPLICATION S 

Tins ar)nliciili<in is >i wiithuwfiaii-m-parl of U.S. Patent Application Kerinl No. 
09/312365 entitled DISTRIBUTED SYS'JKM AND MICmOf) POR SYSTEM 
im-NTfMCATlON AND VUIXR RABIUIY SCANNING filed May 14, 1999, 
nssigiicd to ttic assignee of tlie present application arid iiieorporalud by lefcrcncc in its 
entirely. 

TECHNICAL FIELD 

'Hie Invention relates &encnilly to telecommunications access controf systems 
and particularly (o a system fordiolup access point wlnerd til ir.y assessment, 

BACKGROUND OF T HE INVENTION 

Security savvy organizations arc becoming increasingly eJT&utivein proCctctcuy: 
computer access to their data networks via the f nfernel. Al the stone time, [licy arc 
acutely aware of the very real and growing (brent posed by a hick of security over 
access- (o I hut sranc data network through their hundreds or even thousands (if 
uncontrolled, unmnnftorerf telephone lines, 

lu today's hij^i-tccJi cnvironmeiir, most computer users eyn easily connect a 
modem to an cxistinc, Pi; and/or telephone ur facsimile Uno. Once conucctecl, tiie 
device efleeti vdy brides Use Public Switched Telephone Network (PS'I>I) to un 
(ir^ani/ulkm's (hi to network. Each bridge can bethought of as an unni on i Gored, 
uncontrolled connection fo the [Lrtcrnct,or ^intrusted" network. 

One ofihe securiiy pmlewiormrs won* nEghtnuues is a nalVc employee who 
insfjills un uiiaulWized modem and a leinotc^ccess program Kucli <is pcAny where on 
his workstation without * password (as is most often lliecuse wiih user-installed 
iTii)d«ns), und I tuns on (lie modem before, going home at night. Maybe (he* employee 
wiinLs lo work af home in flic evening or over the weekend, dialing in after-hours (o 
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retrieve files from his hard drive. Or maybe he wants to use the corporate, network for 
free I nfernef. access. I villier way^ he pmhably assumes there is I iMle harm in wluil fac is 
doing— bul lie has cicmUxI u serious security bicach. 

Other less scmpulous individual* might create a similar dial up access pom I 
xvilh more ton licit his intent. Disgruntled employee* with authorised >KCCSS (u (he data 
network enn pa-fann unauthorised activities iiom within the private network such as 
downloading sensitive or piOpriefrtry file^or luin allmv other individuals out vide (liu 
company to remotely ditdup through I licit system to do Ihc same. Tins is of special 
concern m high-security environments where outside tranRftUKfcmnft aie normally 
coreluHy morriloird to ensure crape irHic s<>crcfe uvcncit huKl veil iai fly or ddibciTtfcly 
(nmsuuftcd. 

Crackers, hackcjs aid phreakers? know that open modems are an easy tn«£,et. 
They use freeware scan nets sometimes referred in as "wiuxJiHlers" to <\'u\\ nlisl of 
telephone numbers tfcarchinB lor the iamilictr modem carrier tone. Once flic wardialcr 
generates a Jiseof telephone numbers with discovered modern^ they dral those, 
numbers broking Ihran unprotected login or an busily cracked lXisswoul to a remote- 
access program. Thus, ilicy gain access to the data network witJi the potential Co steaf 
and/or destroy valuable data behind the front line protection of a firewall. 

3n a pinrictiveappivKich to f lie. threat jiosed by crodum, hackure and plucnkcrs, 
periodic scanning of an organization's telephone network lias become recognized as & 
necessary component of a corporate security policy. This enkiils dialing into all oJ' Qiu 
organi ration** (cLqrtwxw linos to locale xouuc and authorized modems, and then 
characterizing the. security of each device by cdenii lying ihe nperalHig, 
system/software behind ihc modem uiiii attempting lo penetrate the system in much 
the same way Ihc bad guys do. 

In u defensive effort to jncvait unauthorized access, several commercial 
products targeted by hackees, such as I'rrvate Branch exchange (PBX) systems icud 
remote-accefcfc tin I (ware, now block ctilly nr I iniumalc connection based on calling 
diaraeleriKtica Hint Tumble Jinking attempts. For example, secure system s resist 
[jerielriifion (hacking) ytlcmplsby limiting the nimibcx of allowable usemameand 
password attempts. Kn prcilofincd number of unsuccessful Joajn attempts are made, 
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the systaiVsottwaicfamiiKifcs the connection. Also, if multiple unsuccessful Joajr* 
attempts ane made to the same account within a short period of lime, aft cntirLectinTi* 
U> thul purtiwjlur ucuiunt lire lempi»rMri1y prevented fix \i specified (inu; period. 

Another defensive technique used to detect wacdiaUng is for l J BX systems to 
detect the detracted frtics of calls e^mm£frorn a jurtrcufar stafton. tt>r exwrnple. if 
multiple calls vxx i\imk wifli a uniform Ifrnefclwcou each call, sonic PBX systems 
percdve this to he wardialino. and automatically block these caf k 

Yui another defensive technique PUX &yf;ferns u.se to delect wwdiulmg is 
observe; tiiupmgruKSKiii nf numbers* being >joccksqlI between stutiow. For example* if 
the telephone uiunbcr xxx-xkxO is called, followed by xxk-xxxI, thai xxxocxxlMhis 
la f ileely due to some automated dialing appltauce. Some NiX systems detect the 
$c<jueridn£uf numbers and reilCf. 10 prevent Ike culls from gi^'ngjhrtuigh. 

Unfortunately, since (lie characteristics of cm organizations security 
professionals scanning their telephone system fuoks very much fifcelhe diiinicteristics 
of buying ttUempte, ihe defensive ithjusiitus mentioned above ctm he triggered 
erroneously, causing unnecessary aJarrns and denial of service. 

AdditronaHy, soiYie more clamtesline law enllu-ceiTienf tint] government 
Hyeneiesluivc an interest in accessing targeted networks without being detected, and 
without trigger nitf defensive measures similar to those described above. 

Clearly, >\ need exisls for » system und mufhod for u&vcssiiig (he vulnerability 
of dislup access points tliaf is capable of canionflaging its inherent wacdioling 
characteristics. 

SUMMARY O F THE INVENTION 

The present invention, accordingly, i* an automated vulriembilily assessment 
system and method that alfows security prolessiixwls U> rwe cflwli vcly mid 
efficiently identify jukJ wssess diulup access points by clhiiiiuifhio; operationat 
eb timid eristics associated with unauthorized access attempts. Additionally, the 
pivscul invention provides a method for identifying min-TIT -based (binary) systems 
without prior knowledge of the type of system to he penetrated and without the use of 
the client software. 
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'I lie present invention is a system that replaces the traditional wardkling 
ubmicierixtics of sequenced dial fr^ uniform time periods between dialing, and 
multiple culls \o (ho .smue> number in n .short jNiriod of 1ime % wilh tuitftmimflus random 
sequence dialing and varying di ul i s uy.s hslwe&n mils k\ Ihe surne rumihcr mid 
multiple low-quantity penetration ttflcmpte. Hie pirocal invention also allow 
wokjIkhi of wilnerahilily astte&fiments without interfering with the security features of 
other telephony products. 

The present invention includes dialing rau^cs of numbers, identifying modem 
nrtd/nr fiix carriers, and atte/npting to identify the communications application at the 
Ivraijiwtin&fiitilHiri through signature analysis (i.e. matching negotiation signaling 
and/or (exfaal "banners" foi knnvvii sysl&m type*). 

The system may generally encounter l\vo (Ypesat'cuuiKs;(itmb\TTY 
(Teletype) and binary (iKiri-TTY). I -ach n finest, system fr transmit unique banners or 
othej data that can be used to recognize the system. A TTY connexion is a text-only 
connection, usual ly un operating system banner and logon prompt. With a hi nary 
connection, a binary protocol is uwd lor huudslnildiig al.iui application level. 

rixtcmaJ system objects arc usually dciincd and consist of siyifl{urc6\ nudge 
values, usemame and login prompt values, and uscrjianic/password paiis that are 
associated with specific systems. A miilgc value applies Co certain systems (liat do not 
answer with a text banner; instead, when a connection is jnadc, these systems wait for 
(ho contacting system In provide Ike nudge value Gc t initiulo Iran Mictions. 

After identifying the comnnniic^icnw application al (he terminating station,, 
(lie pvcscnC in v«« I km uUcrnpte lo establish a conticclkin and te$( for security 
vninciabilities associated with i(. If (lie system is idcufificxL syscctn-spccifie 
usernamc/j passwords arc used in an attempt to login Co the system. If the system is not 
identified, Ihe penelralnr uses a list nf default useriulnit^passwnrcls. 

The default usernmtic/passworcls arc common uscruamcs and passwords tliat 
are often used as defaults when sy stems aic installed. Many of Che 
username/passwojid pairs that arc commonly used as defaults when application or 
syscejn software, is installed. Oftentimes use** do noi change these defaults. Itaeume 
many people, knciw Ihese. defaults, iiny individual gouhl pnliin(i^Uy use IhdU (0 gain 



http://patentsljc.gcxa/fcgi-bin/any2html?FILENAME=%2Fcpoti%2Fprod%2Fapa 3/2/2004 



023160O5dis.afpPage5 



Page 2 of 3 



tjiiuuliimi/ed iiccefcff Id the network. Vot example, il'the present invention determines 
i( lias dialed hilci a modem nn a PC flwl is limning noAny where, il will attempt fo gain 
uvcess lu 11%' PC' wripgdirfHull poAuywheroUmlT) and Password combinations. 

One technical advantage r<c3iict\'cd \vi(h (lie invention is flic ability to 
autonomously perform multiple login attempts cm secure software designed to 
leiininuCe Che connection htkJ deny jiuctss ifrjic-piedefined number of ixisirccxwrul 
login attempts is exceeded. 

Another lechniuul advantage achieved wilfi the Invention i« the anility (ci 
autonomously ilial li*fs of Keiuientiul Idephcme numbers hi u random ostler* Ihcreby 
a voiding PftX system c^H h locking. 

Another technical Advance achieved wilh <hc invention is flic ability fo 
autonomously dial the. same tefephune numher multiple time* within a chart period of 
time from tlic same device, bu( difleienl stations* tbexeby avoiding PBX system call 
blocking. 

Still another technical advantage achieved with (lie invention is (be ability (o 
automatically dial multiple numbers, wilh a varying delay time between each call, 
thereby giving the impression of multipic, random, human-placed calls. 

Klifi another technical advantage achieved with the invention if? the ability to 
autonomously identify and distinguish between iTY-bwod and nnn-TTY-bascd 
systems wittvout running jTOprietary non-ITY-hased client software. 

Yd ynother lecbniuil advantage achieved wilh the invention is Ihc utility to 
autonomously identify and distinguish between TTY-buscd ami mm-TTY-bascul 
systems willxuit prior knowiwlgi: of (te type of system. 

HUM 1- IH:SCKIFI JON OK I I IK HUA WINKS 

Thu novel lea luces believed ehaiactcrislie of Ihc invention arc set forth infhc 
appended claims. The invention itself, however, as wel I as other features and 
advantages thcjeol* will be best understood hy reference to (he description which 
I ci I lows, read in conjunction with flic urcomnmiying drawings wherein: 

lug. 1 is a. schematic hi nek diiigmniol'uri exemplary vnhicTability tmcssment 
system of the pnesenf invention; 
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Pigs. 2 A wrul 211 urea process llmvdiagiarn illustrating rhedefeelicm 
avoidance process for (Ik system oTPig.1; 

Kgj. 3 is a process flow diagram illustrating tlic determination of dibble 
numb&rs In dial process Jbi Ike tyjfitem oftfg r l ; 

Figs. 4A and 4Bir*roa puhx^s flow dingram il]usCru(i)ig1hc system 
identification and penetration process for the system of Fi^t. 

DET/VILED .PJgSCRfJE!DQtlflE31lB EEEEEgEEB RMBOPIMlCTny 

The present invention can 1)c described with several examples given bslow. It 
imdwsloodt huwever, thai the. examples below are not necessarily limitations to the 
present invention, but arc used to describe typical embodiments of operation. 

In ! ; ig. 1 , the reference numeral 100 refej-s to an exemplary vulnerability 
wssessTnenf. sy.slsm (if the present invention. 'Hie ay&lem eorniftfl primarily ol'a 
manager 102,, mid one or more di>i1crc 104^ irifawiirLec-feil hy u Locyl Aro» NeUwrk 
(C-AN), a Wide Area "Network (WAN) or the Internet. The system 100 is capable of 
providing either local or remote centrally managed enterprise-wide characterization of 
(he mgimiyjil inn's telephony seCitnly pOSUm?. 

The niHu&gcT i 02 is thc-pomi of uscr-intoluce for cx*i figuring^ diuling profile 
(ruJc set), and then pushes the ptofile to the dialer 104 for execution. Each profile 
contains- a listing oflefepfmne rtumbera to he dialed and dealing parameters defined lor 
each number ot group urnumtenc. 

The dialer 1 04 lias a set of modems 106, 108, mid 1 10, which operate in 
parallel to perform each dialing task as defined by the manager 1 02. The dialer 1 (14 
mIsd includes n software prngram, which can bs desurihed u$ one or sewnd aililics. 
For the purposes of Otis explanation, 1he soltwtirc proyram includes a call 
administrator 11 2, at least one dial processor 1 14, 1 1 fi, and 1 1 H, and at least one 
ptirnstrulxlr 120, 122>an<l 124. Kadi dud processor and pcnelrtilur no? MSSOCtutcd with tl 
modem in (his embodiment. 

The- call Hdrniiiiytr^u^ 1 1 7 mwnUmis Che telephone numbers to be dialect the 
minimum (inn; delay between c%\)ls to flic same number,, and the random order of the 
numbers diulocl. The ditit processor I K dkib the modem 10o', establishes connection 
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with flic (ai£yJ.m<t:l&m. pauses lor v/iryin^ lenglhx (irf.iin^boioi*om«kingcul3^ Ulld 
determines if i\ cull should be (om down (faimnated). The pcuulrntor 1 20 controls the 
number of penaration attempts pa' will, the total number of penetration attempts 
million >i telephone numher during Ihbiscini, provides .sulululious mid midget* (o 
fcirgct systems, recognizes known sigiuilurcb\ responds to prompts from the target 
system* and performs penetrations. 

The dialer 104 tdsu muludcs an denial system manager 126 dial manages » 
collection of system names with corresponding signatures* and where applicable* 
saintatlon byee strings and nudges, for use in identifying and penetrating Yi'Y and 
unn-TTY-buwJ systems, 'Hi* dude* 104 olso includes <■ dtdMidUiwTjumic/ptissword 
database 12S that contains default uscrjiamc/piissword pairs. 

Several configurations arc possible, whereby the manager 102 and the dealer 
1 04 am on I be same platform for a single stand-alone syfclertuor for lar^e 
ovgnnmjf.ions which uuiy lx& geographical! ly xejuiraled,, rnulliple manu^eis 102 >uul 
dialers 104 may be inluroonnccCcd by a LAN, WAN and/or (lie Interact, 

Hip,s. "2A and 2B arc a process flow diagram 200 illustrating tlie detect ion 
iivoidunee process lor Ihe System 100 of mis CilveaUiOri. rsYivv referring U> V'\g % ?A, in 
step 2Q2< Ihe user wntiguro (he dialing profile (rule w£) via u iiumugcment Graphical 
User Interface (QUI) provided on (lie manager 102. As pari of tlic dialing profile, the 
after set* (be minhmuni and maximum lime delay between call* to tlieteirnenumbisT 
{(his random dialing delay prevents foe PBX from perceiving the culls as » wardialing 
attempt). The. user sets the maximum number of pciictjalion attempts on a. system per 
call (to avoid the targeted sysiein from Inuking-oul fJiepwelrHlor 170), The user also 
st:ls (lie nuLxhnum mnrilxTufpunclralionatleinpts on a system within the entire scan. 
A sample profile parameter contains; Tlicrc will be a random diaiin^ delay of fmm 1 (J 
to 20 seconds between calls, there wiJI be no moje than 3 penetration attempts per 
call, and there will be no more, than 30 total penetration attemplA on uny one system 
per Kt^irj. 

In step 204, the manager \ f)2 putfKH (he profile to I he call administrator 112. 
In siep 206, the cull iiifmiTiistTiititir 1 1 2 applies mi algorithm 1o the phone munbors in 
flic profile, scrambling (he onler of (he numbers. 
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In step 2D8« Ihc dial processor J 14 vuqucsls a number lo dhil /jx>iti (he onll 
administrator 112. 

In step 2 1 0, the call administrator 1 \ 2 determine* if thcis?. is an "eligible" 
telephone number NVilihlbU\ US iliseugKcd below unci hi liirtlier laltsr wilh 
reference lei h%. 3. If all phone numbers have been called, or if no numbers meet the 
crilcriu for elapsed (imc lK^vwi;u<!ulWspvwlieJ earlier hi step 2(12 s (he cull 
administrator 1 12 returns a "mitJ" response in step 212. ff a null response is returned, 
tbe dial processor J 1 4 delays for » varying amount of lime in slcp 213 prior to 
requesting another nuinbsr to dial in step 208. lliis random delay in requesting a 
luluphone Tiumbar causies chc elapsed time between dialing i<\ be kregular, and 
therefore appear to not be performed by » dialing npplinnet\ (hus h voiding (he 
jveiception of waidialiiij^ 

'lire dial processor 1 14 (fig. 1 ) remains in an active loop, polling the calf 
adinin&lrulnr ! 12 (fi$>. 3) lor mini hers in dial, even when all nurnbets in (he profile 
have beat dinted successfully. In s(c.p 2 3 \\ ii' the o»ll w1minislj>i(ar 1 1 2 determines 
there rs an el i^iblc phone number available, Ihc number is provided to the dial 
jn'oeessseir 1 1 4 in alep 1 1 4. 

In step 2fti, die dial processor 1 14 dials die number received from the call 
adiniriislralur 1 1 2. ( >nee a connection is established wclh the target syateni, trie dizri 
processor 1 14 pusses con (r\i I nflhuojll to Ihe penetaifor 120. 

Now referring. Lo Fiy, 2B, (he penctrofor 120 attempts fo identify (if it has not 
dojie f?o previously ) > and then penetrate the target system iji step 21 N, as discussed 
helnvv und in further d etui I biler with reference In Kifc- 4 A imd 4\i, 

In slop 220, the psnictrator 120 determines if the target system is penetrated. If 
the system lias not bceji penetrated.., the penctrator 1 20 determines If additional 
penetration attcjnpts may l>o made during the current call or subsequent callsr in step 
222. 'J Tie decision result is returned to [he dial processor 1 14. If additional 
penetration attempts can be made during the current call, the dial processor 1 54 
checks to see if a terminating event has occurred in step 224. A term mating went can 
iiidicMic fhut Ihc forget syslein Sikh ilisconnceledior ti processing timeout has occurred. 
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If ih* dial processor 114 determines that a terminating event has not occurred, thedtal 
processor loops back to s(c^ 2 1 8 rod nltcropts (o penetrate Uw target system again. 

If in step 220, the pejiccrator 120 def ermines the target system has been 
peoetrate^or if in step 222, the penctrator determines additional penetration attempts 
cumin! he made during the current call, en* if in step 224, die diaf processor 1 14 
determines \hi\t a (amhwtingcvcaithpy nowiivd, Hie ilia] prnoeysnr I 14 lews down 
thecal! in step '226. In step 22S> upon (airrination of [he call, the din I processor 1 14 
sends the calf results data to thecal! administrator 1 1 2 \vhcjc the. results arc stored. 
The dial processor 1 14- loops back 1o step 2 1 ^ Lei wail a rant loin amount of lime before 
requesting another number lo dud in step 20$. 

Fig. 3 illustrates the process 210 whereby the call adniiuistiHtor 1 12 
determines if there r« an "eligible" number available for the dial processor 114. In 
Jflep 300, flic otlll adiunuslrulor I 13 uxiirnirievS fJie list <mT telephone numbers in the 
dialing profile. In step 302, die eall ailmiiiistuitor 1 J 2 compile* a yubllv! of numbers 
line aie efigcbfe to be. dialed with icspect to the tune of day/day of week^ and the 
minimum amount ultimo ehipsed since (he bisl.oill, as discussed eiirlier in step 202. 

The cali administrator 1 12 determines if tec arc eligible phone numbers in 
the suWiet in seep 304. If there arc eligible phone numbers, the call administrator 
provide ti number U> (he dial processor 1 1 4 in step 306. I f there arc no eligible 
numbers (o dial, (he coadministrator 1 1 7 poviik'-v a "null" response to Ihe dial 
processor 114 in step 308. 

Now, particular reference will he. made to J'igs. 4A and 4U which Hfutftralelhe 
puiee&N 218 vvherehy Ihe perielrulnr I2f> ylferupls to identify and pcnelrule (holargct 
system. As previously discussed *vilh rclcnaicc to Fig. 2 A mid 2B, (lie dial processor 
1 [4 dials the number and once die modem 106 is connected^ passes control of thecal [ 
to the psnetrator 1 20. In step 400, the penetrator 1 20 waits a predetermined amounl 
of time to receive data from the target system. Some system i* answer thecall wilb n 
hiinner, but other systems wait for the ambicliug system fti prnvije (he proper midge 
vulue \i) i nil iuLelrunsjiul ions. 

J! (he penetrater 120 does noi receive data from the target system during the 
timeout period, in step 4IS % the penctrator 120 determines if a nudge Ls available. If 
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no nudge is available, during the current call, tlic dial processor 1 14 assumes control of 
(hu will utiO CcuvK<Jown Ihe uill in step 422. In step 424, upon lermiriiituin nf Ihe uill, 
(he protHJssm- 1 14 sends theoilf nesulls ihiUi (d Iheuill ildrninislraUir 112 where 
(hcrusuUrarc stored, (runud&p i* avviUbbdiiring Che current cull, th^diul puuwwr 
I M assumes eonlrol and in slop 420, tlitonrincK if any rcrmimtw& events hove 
occurred. If no tcumnathu; event has lukc pliicc* (he pcuehulor 120 sends a iiu%c? to 
Ihc target .system in step 426. The system operates m a process loop until data ifc 
received from the taiftrf system, or until ct (ainuintiny; cvunt lias ocmnxed (i.<x, run ou( 
ofnudBBfi, cartel system disconnects, or timeout for processing). 

IfdulM is received in step 4(10, in aap 402, the penetf ator 1 20 requests the 
exU>rnyl system m imager 126 in compare, the data against the collection of known 
system- specific signatures nuou^pd ^ic wlurruil system Tnunuger 17.6. In step 404* 
ihe. externa! system manager 126 tries to identify the data by comparing it with known 
system-specific signatures?. 

I f (he. external system manager 1 26' matches the data with a signature in the 
exlernul system niana&er database, the external system manager 126 then determines 
iriiic. target system is m rW -based, systexn in step 406. If the target system 5.-5 
determined In he. a rmn-TTY -based (hi nary) system, (hepeneitator 120 hnp lenient* 
(he uppropn&lt: sy.vlem-spcei h'c pmlnouls in step 40 K. In .step 41 (1, Che- penetivitor 1 70 
attempt* to penetrate the target nou-TTY-bascd (binary) system by fust using system- 
sped lie usBrnafne/jiassworiis, and then uxm£ default usernameypasxwnMs. "J 'he 
pcnclrtttiwi process mul dialing punundcra (number of odumpUt per call, lutol number 
of call backs to the number, etc.) varies as required in accordance with tlic specific 
nou-Tl'Y protocol. 

If in seep 404, the data is not identified as a signature helonging to external 
yyatem manager database lliepancfatbtr 12(1 extort new Uic last line of Uio data text 1u 
determine if it is an ASCII text prompt (for login, password, uscmamc* etc) in step 
412. [f Che data is AS 01 I text, lue penetrator 1 20 attempts (o penetrate the system 
using flixl the syxleui -specific userniUTiB/passworcJ pairs Mini Ihen the delimit 
userr»jnie/p>jft.vvvnrxl pairx in step 4 1 4. 
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If the penccrator 120 can wot determine that the data is AS< it I (e*l in step 4 1 2, 
the penetrate* 12Q warts for a prtedetemiined ;>sriml to receive tiO ill lionul data in step 
416. I r udcliiumul d»fu is ix?ccivcd during (lie timeout* the process loops back to seep 
4(19. and the pinvlvHlur HO again usks (he external system manager Vlb to itferxtrly the 
da(«, If no additional dala arrives during tlic timeout in step 416, die penetralor 120 
returns control of die call to thcdfal processor 1 14. 'Iliedisd pmcenscn- 1 14 (hen terns 
down the call m step 422. Upon terminal ion i>rilmGall a (lie dial processor 1M sends 
(howll result? data lo I he cull administrator 1 12, wherc the results arc stored in step 
424. 



ft is undcrafood lh«( the present invention can take many fornix and 
embodiments. The embodiments shown herein are intended to illusfi>i(c- ruthcr lliuu io 
limit the invention; it heing aj>preciateil thui variations may be made without 
departing from (he spiril uflhc scope of Utc invention. Tlic algorithms and process 
functions performed by the system may be organ bed into any number of different 
modules or computer programs far upend inn on one or more processors or 
workstation* within til* system. Different uiTiligijruiimw of computers and processors 
for the ftysteni arc i*>ritexTi plated. 'Hie programs used lo implement tlic methods and 
practises ohha .system inwy be implemented in any appropriate programming 
language ami run in cooperation with any hardware devrce,. ilie system may be used 
for enterprises as small as a private busing with just a few phone lines as well as for 
lur^-u ejiiurpri.^ \\l\h multiple PBX locations around the world. Accordingly, i( is 
appropriate (liat the appended claims be construed Imh'irilv und in a maimer consistent 
with the scope of the invention. 
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CLAIMS 

II. An iiiikimaibd vufneralirlrty nssessmeail system In rruTC effectively and 

2 efficiently identify and assess did up tieccss pohus by clEmmatmj; operational 

3 cliaractcristics associated witii unauthorized ucccss attempts, the system oonipr king: 

4 mean* for sequenced d toling; 

.S means for uni fcirrn 1 5 me peri ads between <lmling v ; un<l 

6 means for multiple udls to the same number in a short period of time, wherein 

7 the dialing is performed with autonomous random sequence dialing tmd varying 

8 dinting dduys between wills lo (lie same number and multiple. low-quantity 

9 punclva I iuii u (iciupl t. 

1 2. The system of claim 1 further including means for dialing a range of phiuie 

2 numbers. 

1 3. The system of claim T further including means for identi lying mcHliun and fax 

2 carriers. 

1 4. "Mir sy^Nn ijCclyiip. I further iuuluclmy: mums for identifying the 

2 eoiranumcalums application at llic laminating station dirough signature analysis. 

1 5 . The system of claim 1 f iirtlicr inelutlhiR means for disci nguish i ng between 

2 T 1'Y (J'c.letype) and binary (non-JTY) systems. 

1 ft. 'Hie system 4 > I" d u i m I f'urf J ict hud tiding means for providing imdp>e vahies. 

1 7. The system of claim 1 further incJuding means for providing, a delimit. 

2 n scmamc and login prompt val ue& associ ated wrtfi a « jseci He sysisii i . 
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18. A method for mifomated vulnerability assessment to more effectively and 

2 efficiently identify and assess dlolup access points by eliminating oncratiojiaJ 

3 characteristic* associated with unauthorized access attempts, thfc method comprising: 

4 dialing plume numbera in <i sequence; 

5 dialing plionc. numbers with uniform time period s between dialing; and 

fS dialing multiple cal k La 1he ftarlie number in a shrtrl perind ofliiTie, wheTein 

7 the dialing is performed with autonomous random soqiwn w dialing and varying 

6 dialing, delays bei ween calls (a (he same number and mult iplc lew-quantity 
9 poxtntion attempts. 

1 9. The method of claim K father dialing a range < if phone number. 

1 1 0. The method of clai m 8 further identifying modem and fax carrier?;. 

| I I x The meXlujd (if claim K lurthcr identi lyin^ 1h& cmiimunuajtton* uppliwd ION uC 

2 tlx terminating station through signature analysis. 

1 1 2. 'Ihe nitsthnd uf daini H Kiruier including ilisuiigiiifihing between TTY 

2 (Teletype) mid binary (non-TTY) systems. 

I \% 'Hie rnetfmd uFdairTi K liiriher including providing nudge virtues 

1 14. The method of claim & further including providing a default nsemame and 

2 fcigm prompt values associated with a specific fiyttem. 

I 
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115. A computer program for automated vufncrabiJity assessment to more 

7 sfTtscfi vdy and ell fctenUy identify md assess dialup access points by eliminating 

3 opcrv(ii>nyl dwnicterislics iwsDWkiliscl with, unauthorized access attempts, the computer 

4 program comprising: 

5 instructions far dialing phone minibus in a sequence; 

<> ilisliwtiuus Rir ilialing phone, nu rrihcrs with uti i Itirrn lintc purintJ s between 

7 dialing; and 

8 Instructions? for dialing multiple wills (o Che same number in u short period of 

9 time, wherein the dialing is performed wifli autonomous random sequence dialing find 

1 0 varying dialing delays between calls to the Kimc number and multiple low-quantity 

1 1 pcne&uLmii uUernpCs. 

1 1 6. The computer program of 1 5 further instructions for dealing a range of phone 

2 numbers. 

1 1 7. The computer pi ojjram of ( 5 further instructions for identifying modern and 

2 fox carriers. 

1 I R. The computer program of 1 5 further instructions for identifying the. 

2 cttiiiniunte&tfaiu application at die terminating nation through signature analysis. 

1 19. The computer [imgrarn of 15 further including irttfrucliaiis for distirigiintring 

2 between TTY (Teletype} im<1 binary (nnn-TTY) systans. 

1 20. "Hie computer ]>ix>gtam of 1 S further including irlfcfrijclioiis for providing, 

2 nudge values. 

1 21 . 'Hie computer ptogjara of 1 5 further including instructions for providing a 

2 default uscinainc and login prompt valuer assodatcd with a specific system. 
.1 

4 
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